REAL PARTY IN INTEREST
The real party in interest is Hewlett-Packard Development Company, LP having a
principal place of business at 20555 S.H. 249 Houston, TX 77070, U.S.A. (hereinafter
"HPDC"). HPDC is a Texas limited partnership and is a wholly-owned affiliate of
Hewlett-Packard Company, a Delaware corporation, headquartered in Palo Alto, CA. The general or
managing partner of HPDC is HPQ Holdings, LLC.

RELATED APPEALS AND INTERFERENCES 
There are no other appeals or interferences known to Appellant that will have a
bearing on the Board's decision in the present Appeal. 

STATUS OF CLAIMS 
In a Final Office Action mailed November 28, 2006, claims 1, 3, 4, 6-13, 15, 16, and 18-24
were finally rejected. Claims 1, 3, 4, 6-13, 15, 16, and 18-24 are pending in the application,
and are the subject of the present Appeal.

STATUS OF AMENDMENTS
No amendments have been entered subsequent to the Final Office Action mailed
November 28, 2006. The claims listed in the Claims Appendix, therefore, reflect the claims
as of November 28, 2006.

SUMMARY OF THE CLAIMED SUBJECT MATTER 
The Summary is set forth as exemplary embodiments corresponding to the language 
of independent claims 1 and 13. Discussions about elements of claims 1 and 13 can be found 
at least at the cited locations in the specification and drawings. 

One aspect of the present invention, as claimed in independent claim 1, provides a 
public key authorization infrastructure (30) comprising a client program (34) accessible by a 
user and an application program (36, 38, 40). The public key authorization infrastructure 
comprises a certificate authority (32) issuing a long-term public key identity certificate (long- 
term certificate) (60) that binds a public key (64) of the user to long-term identification 
information (66) related to the user. The public key authorization infrastructure comprises a
directory (42) for storing short-term authorization information related to the user. The public
key authorization infrastructure comprises a credentials server (44) for issuing a short-term
public key credential certificate (short-term certificate) (70) to the client, the short-term
certificate binds the public key of the user to the long-term identification information related
to the user from the long term certificate and to the short-term authorization information (77)
related to the user from the directory. The short-term certificate includes meta-data (72)
related to the short-term certificate and at least one of an expiration date and an expiration
time and is never subject to revocation. The client program presents the short-term certificate
to the application program for authorization and demonstrates that the user has knowledge of
a private key (46) corresponding to the public key in the short-term certificate. See
specification at page 9, line 11 through page 14, line 30; and Figures 1-4.

One aspect of the present invention, as claimed in independent claim 13, provides a 
method of authorizing a user comprising issuing a long-term public key identity certificate 
(long-term certificate) (60) that binds a public key (64) of the user to long-term identification 
information (66) related to the user. The method comprises storing short-term authorization 
information (77) related to the user. The method comprises issuing a short-term public key 
credential certificate (short-term certificate) (70) that binds the public key of the user to the 
long-term identification information related to the user contained in the long-term certificate 
and to the short-term authorization information related to the user wherein the short-term 
certificate includes meta-data (72) related to the short-term certificate and at least one of an 
expiration date and an expiration time and is never subject to revocation. The method 
includes presenting the short-term certificate on behalf of the user to an application program 
for authorization and demonstrating that the user has knowledge of a private key (46) 
corresponding to the public key in the short-term certificate. See specification at page 15,
line 1 through page 16, line 16; and Figure 5 for an embodiment of a generalized
authorization protocol. See specification at page 16, line 17 through page 24, line 26; and
Figures 6-9 for an embodiment of a more detailed authorization protocol. See also
specification at page 9, line 11 through page 14, line 30; and Figures 1-4 for the description
and illustration of an embodiment of a public key authorization infrastructure that can perform
the method of independent claim 13.
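
The flow summarized above for claims 1 and 13, as an added example that is not code from the application or the specification. It assumes Ed25519 signatures over JSON in place of X.509v3 certificates and an in-memory map in place of directory (42); every type, function and value name is hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// LongTermCert: the CA binds the user's public key to long-term identity.
type LongTermCert struct {
	Subject   string
	PublicKey ed25519.PublicKey
	Sig       []byte
}
// ShortTermCert: same key and identity plus directory authorization; it expires, it is never revoked.
type ShortTermCert struct {
	Subject       string
	PublicKey     ed25519.PublicKey
	Authorization []string
	IssuedAt      time.Time // meta-data
	NotAfter      time.Time // expiration date and time
	Sig           []byte
}
var (
	ErrBadSignature  = errors.New("not signed by the credentials server")
	ErrExpired       = errors.New("short-term certificate expired")
	ErrNoPossession  = errors.New("proof of possession failed")
	ErrNotAuthorized = errors.New("privilege not in certificate")
)
// tbs returns the signed bytes: the certificate serialized with Sig cleared.
func (c LongTermCert) tbs() []byte  { c.Sig = nil; b, _ := json.Marshal(c); return b }
func (c ShortTermCert) tbs() []byte { c.Sig = nil; b, _ := json.Marshal(c); return b }

func issueLongTerm(caKey ed25519.PrivateKey, subject string, pub ed25519.PublicKey) LongTermCert {
	c := LongTermCert{Subject: subject, PublicKey: pub}
	c.Sig = ed25519.Sign(caKey, c.tbs())
	return c
}

// issueShortTerm verifies the long-term certificate, then binds its key and identity to the directory entry.
func issueShortTerm(csKey ed25519.PrivateKey, caPub ed25519.PublicKey, lt LongTermCert,
	dir map[string][]string, now time.Time, validity time.Duration) (ShortTermCert, error) {
	if !ed25519.Verify(caPub, lt.tbs(), lt.Sig) {
		return ShortTermCert{}, errors.New("long-term certificate not signed by the CA")
	}
	st := ShortTermCert{Subject: lt.Subject, PublicKey: lt.PublicKey,
		Authorization: append([]string(nil), dir[lt.Subject]...),
		IssuedAt:      now, NotAfter: now.Add(validity)}
	st.Sig = ed25519.Sign(csKey, st.tbs())
	return st, nil
}

// authorize is the application's check. No revocation lookup is made: signature,
// expiry, proof of possession and the embedded privileges decide.
func authorize(csPub ed25519.PublicKey, c ShortTermCert, nonce, proof []byte, need string, now time.Time) error {
	if !ed25519.Verify(csPub, c.tbs(), c.Sig) {
		return ErrBadSignature
	}
	if now.After(c.NotAfter) {
		return ErrExpired
	}
	if len(c.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(c.PublicKey, nonce, proof) {
		return ErrNoPossession
	}
	for _, p := range c.Authorization {
		if p == need {
			return nil
		}
	}
	return ErrNotAuthorized
}

// demo runs the flow on constructed data (subject, privilege and times are made up).
func demo() (valid, afterDirChange, wrongKey, expired error) {
	caPub, caKey, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	csPub, csKey, _ := ed25519.GenerateKey(nil)
	userPub, userKey, _ := ed25519.GenerateKey(nil)
	dir := map[string][]string{"alice": {"payroll:read"}}
	t0 := time.Date(2000, 1, 14, 9, 0, 0, 0, time.UTC)
	st, err := issueShortTerm(csKey, caPub, issueLongTerm(caKey, "alice", userPub), dir, t0, 8*time.Hour)
	if err != nil {
		return err, err, err, err
	}
	nonce := make([]byte, 32) // challenge chosen by the application
	rand.Read(nonce)
	proof := ed25519.Sign(userKey, nonce) // the user signs the challenge with private key (46)
	check := func(p []byte, at time.Duration) error { return authorize(csPub, st, nonce, p, "payroll:read", t0.Add(at)) }
	valid = check(proof, time.Hour)
	delete(dir, "alice")                    // privilege withdrawn in the directory after issuance
	afterDirChange = check(proof, 2*time.Hour) // still accepted: only NotAfter ends the certificate
	wrongKey = check(ed25519.Sign(csKey, nonce), time.Hour) // proof made with a key other than the user's
	expired = check(proof, 9*time.Hour)
	return
}

func main() { fmt.Println(demo()) }
```

The second result is the operational consequence of a certificate that is never subject to revocation: a change in the directory takes effect only when the next short-term certificate is issued, so the validity period bounds the exposure.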

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL

I. Claims 1, 3, 6, 8, 10, 13, 15, 18, 20 and 22 stand rejected under 35 U.S.C. § 103(a)
as being unpatentable over Riggins US Patent No. 6,233,341 in view of Butt US
Patent No. 6,754,829.

II. Claims 4 and 16 stand rejected under 35 U.S.C. § 103(a) as being unpatentable
over Riggins US Patent No. 6,233,341 in view of Butt US Patent No. 6,754,829 in
view of Noar US Patent No. 6,226,743.

III. Claims 7, 9, 19 and 21 stand rejected under 35 U.S.C. § 103(a) as being
unpatentable over Riggins US Patent No. 6,233,341 in view of Butt US Patent No.
6,754,829 in view of Howell US Patent No. 5,276,901.

IV. Claims 11 and 23 stand rejected under 35 U.S.C. § 103(a) as being unpatentable
over Riggins US Patent No. 6,233,341 in view of Butt US Patent No. 6,754,829 in
view of Maruyama US Patent No. 6,393,563.

V. Claims 12 and 24 stand rejected under 35 U.S.C. § 103(a) as being unpatentable
over Riggins US Patent No. 6,233,341 in view of Butt US Patent No. 6,754,829 in
view of Kausik US Patent No. 6,263,446.

ARGUMENT 

I. The Applicable Law

With regard to a 35 U.S.C. § 103 obviousness rejection: "Patent examiners carry the
responsibility of making sure that the standard of patentability enunciated by the Supreme
Court and by the Congress is applied in each and every case." M.P.E.P. 2141 (emphasis in
the original). The Examiner bears the burden under 35 U.S.C. § 103 in establishing a prima
facie case of obviousness. In re Fine, 837 F.2d 1071, 1074, 5 USPQ2d 1596, 1598 (Fed. Cir.
1988).

Three criteria must be satisfied to establish a prima facie case of obviousness. First,
the Examiner must show that some objective teaching in the prior art or some knowledge
generally available to one of ordinary skill in the art would teach, suggest, or motivate one to
modify a reference or to combine the teachings of multiple references. In re Fine at 1074.
Second, the prior art can be modified or combined only so long as there is a reasonable
expectation of success. In re Merck & Co., Inc., 800 F.2d 1091, 231 USPQ 375, 379 (Fed.
Cir. 1986). Third, the reference or combined references must teach or suggest all of the claim
limitations. In re Royka, 490 F.2d 981, 180 USPQ 580 (C.C.P.A. 1974).
The court in Fine stated:

Obviousness is tested by "what the combined teaching of the references would
have suggested to those of ordinary skill in the art." But it "cannot be
established by combining the teachings of the prior art to produce the claimed
invention, absent some teaching or suggestion supporting the combination."
And "teachings of references can be combined only if there is some suggestion
or incentive to do so."
In re Fine, 5 USPQ2d at 1599 (citations omitted).

There must be some teaching somewhere that provides the suggestion or motivation
to combine prior art teachings and applies that combination to solve the same or similar
problem that it addresses. In re Nilssen, 851 F.2d 1401, 1403, 7 USPQ2d 1500, 1502 (Fed.
Cir. 1988); In re Wood, 599 F.2d 1032, 1037, 202 USPQ 171, 174 (C.C.P.A. 1979). In
particular, "The teaching or suggestion to make the claimed combination and the reasonable
expectation of success must both be found in the prior art, and not based upon Appellant's
disclosure." In re Vaeck, 947 F.2d 488, 20 USPQ2d 1438 (Fed. Cir. 1991); M.P.E.P. § 2142
(emphasis added).

The test for obviousness under § 103 must take into consideration the invention as a 
whole; that is, one must consider the particular problem solved by the combination of 
elements that define the invention. Interconnect Planning Corp. v. Feil, 774 F.2d 1132,
1143, 227 USPQ 543, 551 (Fed. Cir. 1985). Furthermore, claims must be interpreted in light
of the specification, claim language, other claims, and prosecution history. Panduit Corp. v.
Dennison Mfg. Co., 810 F.2d 1561, 1568, 1 USPQ2d 1593, 1597 (Fed. Cir. 1987), cert.
denied, 481 U.S. 1052 (1987). At the same time, a prior patent cited as a § 103 reference
must be considered in its entirety, "i.e. as a whole, including portions that lead away from the
invention." Id. That is, the Examiner must recognize and consider not only the similarities, 
but also the critical differences between the claimed invention and the prior art as one of the 
factual inquiries pertinent to any obviousness inquiry under 35 U.S.C. § 103. In re Bond, 910 
F.2d 831, 834, 15 USPQ2d 1566, 1568 (Fed. Cir. 1990) (emphasis added). Finally, the 
Examiner must avoid hindsight. Id.

With regard to the test for obviousness under § 103, a statement that modifications of
the prior art to meet the claimed invention would have been "'well within the ordinary skill
of the art at the time the claimed invention was made'" because the references relied upon
teach that all aspects of the claimed invention were individually known in the art is not
sufficient to establish a prima facie case of obviousness without some objective reason to
combine the teachings of the references. Ex parte Levengood, 28 USPQ2d 1300 (Bd. Pat.
App. & Inter. 1993); M.P.E.P. § 2143.01 (emphasis in the original).

In conclusion, an Appellant is entitled to a patent grant if any one of the elements of a
prima facie case of obviousness is not established. The Federal Circuit has endorsed this
view in stating: "If examination at the initial stage does not produce a prima facie case of
unpatentability, then without more the Appellant is entitled to grant of the patent." In re
Oetiker, 977 F.2d 1443, 1446, 24 USPQ2d 1443, 1448 (Fed. Cir. 1992).

II. Rejection of claims 1, 3, 6, 8, 10, 13, 15, 18, 20 and 22 under 35 U.S.C. § 103(a) as
being unpatentable over Riggins US Patent No. 6,233,341 in view of Butt US Patent No.
6,754,829.

The Examiner admits that the Riggins patent does not teach a short-term certificate 
that is not subject to revocation prior to expiration. Thus, the Riggins patent does not teach 
or suggest the limitations of amended independent claims 1 and 13 that the short-term 
certificate "is never subject to revocation." The Examiner cites the Butt et al. patent to teach
short-lived certificates that remove the need for revocation.

The combination of the Riggins patent and the Butt et al. patent, however, does not
teach or suggest the limitations of amended independent claims 1 and 13 of the short-term
certificate including at least one of an expiration date and an expiration time and is never
subject to revocation. The Riggins patent at column 3, lines 17-19 states that "[t]emporary
certificates can safely be installed because they expire quickly and can be revoked when the
user leaves the remote site." The Riggins patent illustrates a client method for managing a
temporary certificate 400 in Figure 8 and states at column 13, lines 40-47 that

If the certificate maintenance Downloadable has determined that
the temporary certificate 400 has almost expired, the certificate
maintenance downloadable 340 in step 825 determines whether the
user is done with the session, preferably, by asking the user. If the
user is done, then the certificate maintenance Downloadable 345 in
step 855 de-installs the temporary certificate 400.

The Riggins patent at column 14, lines 6-12 further states 

If the temporary certificate 400 has not almost expired, then the certificate 
maintenance Downloadable in step 820 waits. The certificate maintenance 
Downloadable 340 in step 845 determines if the user is done with the session. If not, 
then the method 800 returns to step 815. Otherwise, the certificate maintenance 
Downloadable 340 in step 850 adds the temporary certificate 400 to the revocation 
list 335. (emphasis added)

The Riggins patent states at column 14, lines 46-48 "the secure communications engine 147
determines if the temporary certificate 400 has expired or whether the user has logged out."
Thus, in the Riggins system that uses a temporary certificate at a remote site, the system
relies on the temporary certificate being revoked when the user logs out of the remote
site. Contrary to the Examiner's assertion in the Final Office Action, in Figure 8 and the
corresponding text of the Riggins patent, the temporary certificate will be revoked if the
certificate is not almost expired and the user is done with the session (i.e., logged out), and in
the method illustrated in Figure 9, the secure communication engine only needs to determine
if the temporary certificate has expired or whether the user has logged out.

The Butt et al. patent discloses beginning at column 9, line 32 that the core only 
grants session certificates to authenticated operators, and session certificates are created on- 
the-fly, and then destroyed once an operator's session with the manageable device has 
terminated, and that once a console session terminates the certificate (and its private key) is 
automatically lost. 

Thus, in the Riggins system that uses a temporary certificate at a remote site, the
system relies on the temporary certificate being revoked when the user logs out of the
remote site, and in the Butt et al. patent the session certificate is destroyed and the certificate
(and its private key) is automatically lost once the session terminates. By contrast, if a
similar embodiment is implemented according to the invention claimed in amended
independent claims 1 and 13, when a session terminates or when a user logs out of a remote
site, as long as the at least one of an expiration date and an expiration time has not expired,
the short-term certificate can still be used, because as recited in claims 1 and 13 the short
term certificate is never subject to revocation.

Furthermore, there is no teaching or suggestion to combine the teaching of the Butt et al.
patent with the Riggins patent to arrive at the invention claimed in amended independent
claims 1 and 13. In fact, Riggins teaches away from a short-term certificate that is never
subject to revocation as recited in amended independent claims 1 and 13. For example in the
Abstract, the Riggins patent specifically states that "[t]he web server engine maintains a
revocation list that contains information identifying revoked temporary certificates, so that a
revoked but thus far unexpired certificate can not be improperly used. The web site reviews
the temporary certificate for authenticity and contacts the global server site to review the
revocation list and determine whether the temporary certificate has been revoked."

There is also no reasonable expectation of success for this suggested combination as
stated in the Riggins patent at column 3, lines 17-19 "[t]emporary certificates can safely be
installed because they expire quickly and can be revoked when the user leaves the remote
site," and in Figure 8 and the corresponding text of the Riggins patent, the temporary
certificate will be revoked if the certificate is not almost expired and the user is done with the
session (i.e., logged out), and in the method illustrated in Figure 9, the secure communication
engine determines if the temporary certificate has expired or whether the user has logged out.
Thus, in the Riggins system that uses a temporary certificate at a remote site, the system
relies on the temporary certificate being revoked when the user logs out of the remote
site. Thus, there would be no reasonable expectation of success if such capabilities
were removed from the Riggins system.

Furthermore, the Examiner does not cite a reference for a directory for storing short-
term authorization information related to the user as recited in amended independent claim 1.
The Examiner states that the Riggins patent does not specifically disclose short term
authorization information related to a user. Therefore, the Riggins patent does not teach
or suggest a directory for storing short-term authorization information related to the user,
as recited in amended independent claim 1. Moreover, the Riggins patent also does not teach
a short-term certificate binding the public key of the user to long-term identification
information related to the user from the long-term certificate and to the short-term
authorization information related to the user from the directory as recited in amended
independent claim 1.

The Examiner cites the Butt et al. patent for teaching short-term authorization
information related to the user. However, the Butt et al. patent discloses beginning at column
9, line 58 one embodiment having a field indicating unbound access privileges, which is
inserted by the core/certificate authority if the core determines that a "super user" attribute
should be inserted. Thus, the field indicating unbound access privileges is not stored in a
directory. Thus, the Butt et al. patent does not teach or suggest a directory for storing short-
term authorization information related to the user, as recited in amended independent claim 1.
Moreover, the Butt et al. patent also does not teach a short-term certificate binding the public
key of the user to long-term identification information related to the user from the long-term
certificate and to the short-term authorization information related to the user from the
directory as recited in amended independent claim 1.

One advantage of an embodiment of the invention having the short-term authorization 
information stored in a directory is disclosed in the present specification at page 11, lines 1-5
which states: 

In one embodiment, credentials server 44 obtains the short-term 
information data needed to issue the short-term certificates from LDAP 
directory 42. In this embodiment, since credentials server 44 does not 
contain this short-term information data, credentials server 44 is easily 
replicated within public key authorization infrastructure 30 for 
increased performance. 

In view of the above, the combination of the Riggins patent and the Butt et al. patent
does not establish any of the three criteria of a prima facie case of obviousness toward 
amended independent claims 1 and 13. 

Dependent claims 3, 6, 8, and 10 are allowable as depending from an allowable base
claim (claim 1) and are allowable on further independent grounds in view of the novel and
nonobvious features and combinations set forth therein. Dependent claims 15, 18, 20, and 22
are allowable as depending from an allowable base claim (claim 13) and are allowable on
further independent grounds in view of the novel and nonobvious features and combinations
set forth therein.

Therefore, Appellants respectfully request reversal of the rejection of claims 1, 3, 6, 8,
10, 13, 15, 18, 20, and 22 under 35 U.S.C. § 103 and request allowance of these claims.

III. Rejection of claims 4 and 16 under 35 U.S.C. § 103(a) as being unpatentable over
Riggins US Patent No. 6,233,341 in view of Butt US Patent No. 6,754,829 in view of Noar
US Patent No. 6,226,743.

Dependent claim 4 is allowable as depending from an allowable base claim (claim 1) 
and is allowable on further independent grounds in view of the novel and nonobvious features
and combinations set forth therein. Dependent claim 16 is allowable as depending from an
allowable base claim (claim 13) and is allowable on further independent grounds in view of 
the novel and nonobvious features and combinations set forth therein. 

Therefore, Appellants respectfully request reversal of the rejection of claims 4 and 16 
under 35 U.S.C. § 103 and request allowance of these claims. 

IV. Rejections of claims 7, 9, 19 and 21 under 35 U.S.C. § 103(a) as being
unpatentable over Riggins US Patent No. 6,233,341 in view of Butt US Patent No.
6,754,829 in view of Howell US Patent No. 5,276,901.

Dependent claims 7 and 9 are allowable as depending from an allowable base claim 
(claim 1) and are allowable on further independent grounds in view of the novel and
nonobvious features and combinations set forth therein. Dependent claims 19 and 21 are
allowable as depending from an allowable base claim (claim 13) and are allowable on further 
independent grounds in view of the novel and nonobvious features and combinations set forth 
therein. 

Therefore, Appellants respectfully request reversal of the rejection of claims 7, 9, 19,
and 21 under 35 U.S.C. § 103 and request allowance of these claims. 

V. Rejection of claims 11 and 23 under 35 U.S.C. § 103(a) as being unpatentable
over Riggins US Patent No. 6,233,341 in view of Butt US Patent No. 6,754,829 in view of
Maruyama US Patent No. 6,393,563.

Dependent claim 11 is allowable as depending from an allowable base claim (claim 1)
and is allowable on further independent grounds in view of the novel and nonobvious features
and combinations set forth therein. Dependent claim 23 is allowable as depending from an
allowable base claim (claim 13) and is allowable on further independent grounds in view of
the novel and nonobvious features and combinations set forth therein.

Therefore, Appellants respectfully request reversal of the rejection of claims 11 and
23 under 35 U.S.C. § 103 and request allowance of these claims.

VI. Rejection of claims 12 and 24 under 35 U.S.C. § 103(a) as being unpatentable
over Riggins US Patent No. 6,233,341 in view of Butt US Patent No. 6,754,829 in view of 
Kausik US Patent No. 6,263,446. 

Dependent claim 12 is allowable as depending from an allowable base claim (claim 1) 
and is allowable on further independent grounds in view of the novel and nonobvious features 
and combinations set forth therein. Dependent claim 24 is allowable as depending from an
allowable base claim (claim 13) and is allowable on further independent grounds in view of 
the novel and nonobvious features and combinations set forth therein. 

Therefore, Appellants respectfully request reversal of the rejection of claims 12 and
24 under 35 U.S.C. § 103 and request allowance of these claims.

CONCLUSION

For the above reasons, Appellants respectfully submit that the cited references neither
anticipate nor render obvious claims of the pending Application. The pending claims
distinguish over the cited references, and therefore, Appellants respectfully submit that the
rejections must be withdrawn, and respectfully request the Examiner be reversed and claims
1, 3, 4, 6-13, 15, 16, and 18-24 be allowed.

Any inquiry regarding this Response should be directed to either Patrick G.
Billig at the below-listed telephone numbers or Kevin Hart at Telephone No. (970) 898-7057,
Facsimile No. (970) 898-7247. In addition, all correspondence should continue to be directed
to the following address:

IP Administration 
Legal Department, M/S 35 
HEWLETT-PACKARD COMPANY 
P.O. Box 272400
Fort Collins, Colorado 80527-2400



Dated:

PGB:hsf

Respectfully submitted,
Francisco Corella
By his attorneys,

DICKE, BILLIG & CZAJA, PLLC
Fifth Street Towers, Suite 2250
100 South Fifth Street
Minneapolis, MN 55402
Telephone: (612) 573-2003
Facsimile: (612) 573-2005

Patrick G. Billig
Reg. No. 38,080

CERTIFICATE UNDER 37 C.F.R. 1.8:

The undersigned hereby certifies that this paper or papers, as described herein, are being transmitted via telefacsimile to
Fax No. (571) 273-8300 on this 30 day of April 2007.

By:

Name: Patrick G. Billig

CLAIMS APPENDIX

1. (Previously Presented) A public key authorization infrastructure comprising:
a client program accessible by a user; 
an application program; 

a certificate authority issuing a long-term public key identity certificate (long-term 
certificate) that binds a public key of the user to long-term identification information related 
to the user; 

a directory for storing short-term authorization information related to the user; and 
a credentials server for issuing a short-term public key credential certificate (short- 
term certificate) to the client, the short-term certificate binds the public key of the user to the 
long-term identification information related to the user from the long term certificate and to
the short-term authorization information related to the user from the directory, wherein the
short-term certificate includes meta-data related to the short-term certificate and at least one 
of an expiration date and an expiration time and is never subject to revocation, wherein the 
client program presents the short-term certificate to the application program for authorization 
and demonstrates that the user has knowledge of a private key corresponding to the public 
key in the short-term certificate. 

2. (Cancelled) 

3. (Previously Presented) The public key authorization infrastructure of claim 1 wherein 
a validity period from when the credentials server issues the short-term certificate to the at 
least one of expiration date and expiration time is sufficiently short such that the short-term
certificate does not need to be subject to revocation. 

4. (Previously Presented) The public key authorization infrastructure of claim 1 further
comprising:

a certificate revocation list (CRL), wherein the at least one of expiration date and
expiration time of the short-term certificate is before the CRL is next scheduled to be
updated.






Appeal Brief to the Board of Patent Appeals and Interferences
Applicant: Francisco Corella
Serial No.: 09/483,185
Filed: January 14, 2000
Docket No.: 10991054-1
Title: AUTHORIZATION INFRASTRUCTURE BASED ON PUBLIC KEY CRYPTOGRAPHY



5. (Cancelled) 

6. (Original) The public key authorization infrastructure of claim 1 wherein the short- 
term certificate is a non-structured short-term certificate.

7. (Previously Presented) The public key authorization infrastructure of claim 1 further 
comprising: 

a second application program; and 

wherein the short-term certificate is a structured short-term certificate including:
a first folder corresponding to the first named application program and
containing long-term information and short-term information as required by the first
named application program;
a second folder corresponding to the second application program and
containing long-term information and short-term information as required by the
second application; and
wherein the first folder is open and the second folder is closed when the client
presents the short-term certificate to the first named application program for
authorization, wherein closing the second folder makes its contents not readable by
the first named application program.

8. (Original) The public key authorization infrastructure of claim 1 wherein the short- 
term certificate is an X.509v3 certificate. 

9. (Original) The public key authorization infrastructure of claim 7 wherein the first
folder and the second folder are implemented as extension fields of an X.509v3 certificate.

10. (Original) The public key authorization infrastructure of claim 1 wherein the
directory further stores the issued long-term certificate.

11. (Original) The public key authorization infrastructure of claim 1 wherein the private
key is stored in a smartcard accessible by the client program.

12. (Original) The public key authorization infrastructure of claim 1 wherein the private
key is stored in a secure software wallet accessible by the client program.

13. (Previously Presented) A method of authorizing a user, the method comprising the
steps of: 

issuing a long-term public key identity certificate (long-term certificate) that binds a 
public key of the user to long-term identification information related to the user; 

storing short-term authorization information related to the user; 

issuing a short-term public key credential certificate (short-term certificate) that binds 
the public key of the user to the long-term identification information related to the user 
contained in the long-term certificate and to the short-term authorization information related 
to the user wherein the short-term certificate includes meta-data related to the short-term 
certificate and at least one of an expiration date and an expiration time and is never subject to 
revocation; and 

presenting the short-term certificate on behalf of the user to an application program 
for authorization and demonstrating that the user has knowledge of a private key 
corresponding to the public key in the short-term certificate. 

14. (Cancelled) 

15. (Previously Presented) The method of claim 13 wherein a validity period from when
the short-term certificate is issued to the at least one of expiration date and expiration time is
sufficiently short such that the short-term certificate does not need to be subject to revocation.

16. (Previously Presented) The method of claim 13 further comprising the step of:
maintaining a certificate revocation list (CRL), wherein the at least one of expiration
date and expiration time of the short-term certificate is before the CRL is next scheduled to
be updated.

17. (Cancelled)

18. (Original) The method of claim 13 wherein the short-term certificate is a non-
structured short-term certificate.

19. (Previously Presented) The method of claim 13 wherein the short-term certificate is 
a structured short-term certificate including a first folder corresponding to the first named 
application program and containing long-term information and short-term information as 
required by the first named application program, and including a second folder corresponding 
to a second application program and containing long-term information and short-term 
information as required by the second application, wherein the method further comprises: 

closing the second folder and leaving the first folder open prior to the 
presenting step if the presenting step presents the short-term certificate to the first 
named application program for authorization, wherein closing the second folder
makes its contents not readable by the first named application program. 

20. (Original) The method of claim 13 wherein the short-term certificate is an X.509v3
certificate.

21. (Original) The method of claim 19 wherein the first folder and the second folder are
implemented as extension fields of an X.509v3 certificate.

22. (Original) The method of claim 13 wherein the method further comprises the step of: 
storing the issued long-term certificate in a directory. 

23. (Original) The method of claim 13 further comprising the step of:
storing the private key in a smartcard.

24. (Original) The method of claim 13 further comprising the step of:
storing the private key in a secure software wallet.

EVIDENCE APPENDIX

None.

RELATED PROCEEDINGS APPENDIX

None.